Memory Slowly Used/Filled Until PC Freezes


This topic is locked.
28 replies to this topic

#1 TechGuy737
Members, 37 posts
Posted 08 February 2013 - 11:31 PM

Thanks in advance for your time and help.

This post was created per instructions from the following posting:

http://www.bleepingcomputer.com/forums/t/483936/memory-slowly-usedfilled-until-pc-freezes/

Problem:
* The computer freezes after being in use for an hour.
* The computer's memory shows a steady climb of usage until it is maxed.

Operating System: Windows 7 Home Premium
Computer Model: Dell Studio XPS 435T (desktop)
Memory Allocation: 12 Gb

Background Information:
* The machine is my father-in-law's, which I remote-access to troubleshoot.
* The machine is roughly 2 years old.
* The machine upon a fresh reboot shows roughly 1.5 Gb of used memory before slowly climbing to a maxed 12 Gb.
* The current preventative software is Malwarebytes Anti-Malware Pro, and Spybot Search & Destroy.
* Deep scans by the preventative software do not find any identified virus, trojan, etc.

DDS.com report from file: dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by wdiggs at 21:17:13 on 2013-02-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.5989 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\InstallBrainService\ibsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.your-search.info/search.html
uCustomizeSearch = hxxp://www.your-search.info/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3A86CAF6-8A40-4F15-A9DA-8EB826529297} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.dailycamera.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-30 13:58; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-13 55280]
R2 InstallBrainService;InstallBrain Updater Service;C:\ProgramData\InstallBrainService\ibsvc.exe [2012-7-30 647040]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-2 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-30 3467768]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-13 216064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-13 215040]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-11-13 639512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 682344]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
S3 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-25 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-2 24176]
S3 Mo3Fltr;MMO Mouse;C:\Windows\System32\drivers\Mo3Fltr.sys [2010-5-27 12800]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-13 689472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-09 00:43:05    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7547050-5F2A-4175-A43B-59B2157FA814}\mpengine.dll
2013-02-08 17:10:42    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{63F7926E-AD62-422A-9A3C-1BAAC15A2CFD}
2013-02-07 23:58:51    9161176    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 17:18:41    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{E6147796-89A3-4A59-B887-92710005AB90}
2013-02-06 16:35:55    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{74A9F714-9CD2-4D7D-9061-916FC671BCF6}
2013-02-05 17:25:50    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{2129D5B6-ADFF-44C5-8848-28CA6299CABC}
2013-02-05 05:02:04    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D3D8F828-E1BE-4F65-8EE8-88C23419E968}
2013-02-04 17:01:30    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{47D390DC-E6E5-45EA-90F8-24A18D3784B1}
2013-02-03 21:43:00    --------    d-----w-    C:\Program Files (x86)\ESET
2013-02-03 21:33:37    --------    d-----w-    C:\Windows\ERUNT
2013-02-03 21:33:26    --------    d-----w-    C:\JRT
2013-02-03 17:04:59    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D648837E-4A29-498A-AA5B-61A596197929}
2013-02-02 18:02:59    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{777D5D83-8289-49A4-BE7C-B10D22F61097}
2013-02-01 17:04:25    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4C0BE66D-992A-476A-BB6A-5A43969B6223}
2013-01-31 17:56:50    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{36C983CF-47DC-4B86-827C-C3C83A7B4E2C}
2013-01-30 23:06:15    --------    d-----w-    C:\Program Files (x86)\CodeStuff
2013-01-30 23:00:14    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-01-30 23:00:14    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-01-30 23:00:14    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-01-30 23:00:14    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-01-30 23:00:14    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-01-30 23:00:13    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-01-30 23:00:13    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-01-30 22:48:00    --------    d-----w-    C:\ProgramData\SecTaskMan
2013-01-30 22:47:55    --------    d-----w-    C:\Program Files (x86)\Security Task Manager
2013-01-30 21:51:36    --------    d-----w-    C:\NVIDIA
2013-01-30 21:27:32    --------    d-----w-    C:\Program Files\CCleaner
2013-01-30 20:50:55    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-01-30 16:51:57    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{E60560FD-BA67-4976-974A-F2A9AE661F4E}
2013-01-29 17:06:01    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{3FA20553-E214-489E-9431-0EF8DF383524}
2013-01-28 17:30:13    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{5AE5AC63-0214-4C98-8B97-1A66C6C0A0B2}
2013-01-27 17:32:10    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4E4CD3CF-0417-4F52-9FFE-97E4107D0850}
2013-01-26 17:23:01    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{DA8130D4-1623-4F3B-B69E-78B581D9B88E}
2013-01-25 16:39:29    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{41B97541-C59B-486B-B3FF-153EA73B4DEF}
2013-01-24 16:45:27    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{FF5A766C-B0C2-405B-B881-A1661D05D4AD}
2013-01-23 16:46:53    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{35F0A12C-9EE0-4445-87BA-5FACCD458429}
2013-01-22 17:24:30    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4A756F2C-3136-4826-B460-51F656E3223A}
2013-01-21 16:29:10    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{0CCC7EF1-6358-42F2-914F-8730ADA3EC93}
2013-01-20 17:21:20    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4BCB0FCF-7B4B-4BF1-B298-E470E7A1502B}
2013-01-19 17:02:07    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{7A7EC9F6-DCEA-435E-8080-93F3C95FCE4B}
2013-01-18 17:55:06    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{C494D166-6844-40B9-B72B-589C3FD3FD9D}
2013-01-17 17:03:00    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{58E88F42-CE0C-4C5B-9B8C-2B70B8AA96B9}
2013-01-16 15:37:54    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{E6324A09-3110-432E-932F-5A5D4028F775}
2013-01-15 17:17:18    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{49D6131D-F30D-41BC-A4A4-8C9234048CFD}
2013-01-14 16:35:43    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{702EA48D-39AD-474E-AD18-17FD1DBC5400}
2013-01-13 16:37:19    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{CB953B5C-CD4F-4542-941A-A9757F3DDEAA}
2013-01-12 17:20:16    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{2F318BDE-C1AA-4EEC-832D-B433860F8471}
2013-01-11 17:06:41    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D93D306C-0266-4C6F-AF32-D2AF35BA9D9E}
2013-01-10 18:09:01    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4B0DEF99-A32B-4B9F-945A-84B13E676305}
2013-01-10 04:56:56    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{7FEB5370-82DB-4DCB-B40D-E46D576050DD}
.
==================== Find3M  ====================
.
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-09 02:44:16    74248    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 02:44:16    697864    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 09:54:24    550328    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2012-12-29 08:40:27    6382008    ----a-w-    C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27    3455416    ----a-w-    C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09    884152    ----a-w-    C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09    63928    ----a-w-    C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09    118712    ----a-w-    C:\Windows\System32\nvmctray.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 23:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-11-14 06:02:49    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:17:35.70 ===============
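A helper's first pass over a DDS report like the one above is largely pattern-matching: services and processes launched from ProgramData, AppData or Temp (InstallBrainService, SessionLauncher), a service whose binary is gone (`[?]`), and browser search settings redirected to an unfamiliar host (your-search.info). The Python script below, added here as an illustration and not part of the original post or of the DDS tool, applies those checks to a constructed sample copied from the log; the suspect-folder list and the known-search-host list are assumptions, and a hit is a lead for review, not a verdict.

```python
# Triage helper for DDS log lines. Added example; not from the thread or the DDS tool.
# DDS lists processes as bare paths, search settings as `uSearchAssistant = hxxp://host/...`,
# and services as `R2 name;display;path [date size]` (a vanished binary shows as `path --> path [?]`).
import re

# Folders a legitimate service or driver rarely runs from (assumed heuristic, not a verdict).
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
# Search hosts treated as expected (assumed list; extend for your environment).
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "search.yahoo.com")

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
PROCESS_RE = re.compile(r"^(?P<path>[a-z]:\\.*?\.exe)", re.IGNORECASE)
SEARCH_RE = re.compile(
    r"^u(?:SearchAssistant|CustomizeSearch|SearchURL,\(Default\))\s*=\s*hxxp://([^/\s]+)",
    re.IGNORECASE,
)

def parse_service(line):
    """Parse one SERVICES / DRIVERS line; return None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")  # DDS marks a service whose binary is gone this way
    path = rest.split(" --> ")[0].split(" [")[0].strip()
    return {"state": m.group("state"), "name": m.group("name"), "path": path, "missing": missing}

def path_reasons(path):
    """Reasons a binary path deserves a closer look (empty list if none)."""
    return ["runs from a user-writable folder"] if any(d in path.lower() for d in SUSPECT_DIRS) else []

def search_host_known(host):
    """True if the search host is, or is a subdomain of, an expected engine."""
    host = host.lower()
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)

def triage(lines):
    """Walk DDS log lines and return one finding dict per entry worth reviewing."""
    findings, section = [], None
    for raw in lines:
        line = raw.strip()
        if line.startswith("===="):  # section banner such as "===== SERVICES / DRIVERS ====="
            if "Running Processes" in line:
                section = "processes"
            elif "Pseudo HJT" in line:
                section = "hjt"
            elif "SERVICES / DRIVERS" in line:
                section = "services"
            else:
                section = None
            continue
        if not line or line == ".":
            continue
        if section == "processes":
            m = PROCESS_RE.match(line)
            if m and path_reasons(m.group("path")):
                path = m.group("path")
                findings.append({"kind": "process", "name": path.rsplit("\\", 1)[-1],
                                 "path": path, "reasons": path_reasons(path)})
        elif section == "hjt":
            m = SEARCH_RE.match(line)
            if m and not search_host_known(m.group(1)):
                findings.append({"kind": "search", "name": line.split("=", 1)[0].strip(),
                                 "path": m.group(1).lower(),
                                 "reasons": ["search setting points to an unfamiliar host"]})
        elif section == "services":
            svc = parse_service(line)
            if svc is None:
                continue
            reasons = path_reasons(svc["path"])
            if svc["missing"]:
                reasons.append("binary missing on disk (orphaned service entry)")
            if reasons:
                findings.append({"kind": "service", "name": svc["name"],
                                 "path": svc["path"], "reasons": reasons})
    return findings

# Constructed sample: a few lines copied from the DDS report posted in this thread.
SAMPLE_LOG = r"""============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\ProgramData\InstallBrainService\ibsvc.exe
============== Pseudo HJT Report ===============
uSearchAssistant = hxxp://www.your-search.info/search.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 InstallBrainService;InstallBrain Updater Service;C:\ProgramData\InstallBrainService\ibsvc.exe [2012-7-30 647040]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['kind']:8} {f['name']:20} {f['path']}  <- {'; '.join(f['reasons'])}")
```

Running it against a full dds.txt (`triage(open("dds.txt").read().splitlines())`) gives the same kind of shortlist a helper builds by hand before deciding which removal tools to ask for.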
 


#2 nasdaq
Malware Response Team, 39,179 posts
Gender: Male
Location: Montreal, QC, Canada
Posted 13 February 2013 - 10:39 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.


#3 TechGuy737
Topic Starter, Members, 37 posts
Posted 14 February 2013 - 04:39 PM

Thank you very much for your assistance and help.

ComboFix report from file: ComboFix.txt

    ComboFix 13-02-13.02 - wdiggs 02/14/2013  13:52:11.2.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.7714 [GMT -7:00]
    Running from: c:\users\wdiggs\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\0276115d-b6c6-4a1b-8e6b-68bc9dbe4f93.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\63acf506-979e-4b72-a7ce-2af6dc2b98c4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
    c:\users\wdiggs\AppData\Local\._Revolution_
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-14 to 2013-02-14  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-14 20:57 . 2013-02-14 20:57    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
    2013-02-14 20:57 . 2013-02-14 20:57    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-02-14 20:57 . 2013-02-14 20:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-14 20:57 . 2013-02-14 20:57    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
    2013-02-14 19:55 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974C7633-5A65-428F-A29E-67AB550050B5}\mpengine.dll
    2013-02-13 21:33 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:33 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:32 . 2013-02-13 21:32    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
    2013-02-13 19:38 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-13 19:35 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-13 19:35 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 19:35 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 19:35 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-13 19:35 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-13 19:34 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-13 19:34 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-13 19:34 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-13 19:34 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 19:34 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-13 19:34 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-13 19:34 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-03 21:43 . 2013-02-03 21:43    --------    d-----w-    c:\program files (x86)\ESET
    2013-02-03 21:33 . 2013-02-03 21:33    --------    d-----w-    c:\windows\ERUNT
    2013-02-03 21:33 . 2013-02-03 21:33    --------    d-----w-    C:\JRT
    2013-01-30 23:06 . 2013-01-30 23:06    --------    d-----w-    c:\program files (x86)\CodeStuff
    2013-01-30 23:00 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
    2013-01-30 23:00 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
    2013-01-30 23:00 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
    2013-01-30 23:00 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
    2013-01-30 23:00 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
    2013-01-30 23:00 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
    2013-01-30 23:00 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
    2013-01-30 22:48 . 2013-01-30 23:11    --------    d-----w-    c:\programdata\SecTaskMan
    2013-01-30 22:47 . 2013-01-30 22:47    --------    d-----w-    c:\program files (x86)\Security Task Manager
    2013-01-30 22:05 . 2013-01-30 22:05    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
    2013-01-30 21:51 . 2013-01-30 21:51    --------    d-----w-    C:\NVIDIA
    2013-01-30 21:27 . 2013-01-30 21:27    --------    d-----w-    c:\program files\CCleaner
    2013-01-30 20:50 . 2013-01-30 20:50    --------    d-----w-    c:\program files (x86)\TeamViewer
    2013-01-20 22:59 . 2013-01-20 22:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-13 21:36 . 2010-01-08 22:45    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-02-09 23:44 . 2012-07-22 03:14    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-09 23:44 . 2012-07-22 03:14    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-02 23:16 . 2010-01-19 00:09    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-02-02 23:15 . 2010-01-19 00:08    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2013-02-02 23:15 . 2011-02-01 18:52    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2013-02-02 23:15 . 2010-01-08 15:56    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-01-30 10:53 . 2011-01-02 20:59    273840    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-20 22:59 . 2010-10-25 04:25    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-02-13 19:34    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    1504696    ----a-w-    c:\windows\system32\nvdispgenco64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    2824656    ----a-w-    c:\windows\system32\nvapi64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    15052368    ----a-w-    c:\windows\system32\nvwgf2umx.dll
    2012-12-29 10:34 . 2012-10-11 04:22    15129064    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2012-08-03 16:36    1813432    ----a-w-    c:\windows\system32\nvdispco64.dll
    2012-12-29 09:54 . 2012-12-29 09:54    550328    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
    2012-12-29 08:40 . 2009-06-26 23:00    6382008    ----a-w-    c:\windows\system32\nvcpl.dll
    2012-12-29 08:40 . 2009-06-26 23:00    3455416    ----a-w-    c:\windows\system32\nvsvc64.dll
    2012-12-29 08:40 . 2009-06-27 01:00    63928    ----a-w-    c:\windows\system32\nvshext.dll
    2012-12-29 08:40 . 2009-06-26 23:00    884152    ----a-w-    c:\windows\system32\nvvsvc.exe
    2012-12-29 08:40 . 2009-06-26 23:00    118712    ----a-w-    c:\windows\system32\nvmctray.dll
    2012-12-16 17:11 . 2012-12-21 22:59    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:59    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:59    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:59    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 23:49 . 2011-01-02 18:25    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-10 00:13    441856    ----a-w-    c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 00:13    2746368    ----a-w-    c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 00:13    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 00:13    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 00:13    30720    ----a-w-    c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 00:13    43520    ----a-w-    c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 00:13    23552    ----a-w-    c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 00:13    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 00:13    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 00:13    46592    ----a-w-    c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 00:13    40960    ----a-w-    c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 00:13    21504    ----a-w-    c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 00:13    15360    ----a-w-    c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 00:13    55296    ----a-w-    c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 00:13    51712    ----a-w-    c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 00:13    30720    ----a-w-    c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 00:13    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 00:13    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 00:13    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 00:13    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-10 00:13    21504    ----a-w-    c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 00:13    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-10 00:13    55296    ----a-w-    c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-10 00:13    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
    2012-12-02 18:54 . 2010-01-08 15:56    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-02 18:53 . 2010-01-08 15:56    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-02 18:53 . 2010-12-06 16:39    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-11-30 05:45 . 2013-01-10 00:12    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-10 00:12    243200    ----a-w-    c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-10 00:12    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-10 00:12    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-10 00:12    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-10 00:12    1161216    ----a-w-    c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-10 00:12    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 Cdralwnt;Cdralwnt; [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
    R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [2008-09-18 12800]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 InstallBrainService;InstallBrain Updater Service;c:\programdata\InstallBrainService\ibsvc.exe [2012-07-30 647040]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
    S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
    S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-07-27 639512]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 23:44]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926588673-2070747204-1782896345-1000Core.job
    - c:\users\wdiggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 19:46]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926588673-2070747204-1782896345-1000UA.job
    - c:\users\wdiggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 19:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uCustomizeSearch = hxxp://www.your-search.info/search.html
    uSearchAssistant = hxxp://www.your-search.info/search.html
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.dailycamera.com/
    FF - ExtSQL: 2013-01-30 13:58; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-14  13:59:02
    ComboFix-quarantined-files.txt  2013-02-14 20:59
    ComboFix2.txt  2012-09-05 21:52
    .
    Pre-Run: 1,302,246,486,016 bytes free
    Post-Run: 1,302,409,289,728 bytes free
    .
    - - End Of File - - 7E3839AC9DD0B16316A83FD8A451AF7E

    SecurityCheck report from file:checkup.txt

     Results of screen317's Security Check version 0.99.57  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 9  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
      (On Access scanning disabled!)
     Error obtaining update status for antivirus!  
    `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.70.0.1100  
     WinCleaner OneClick Professional Clean Version 11
     JavaFX 2.1.1    
     Java™ 6 Update 38  
     Java 7 Update 9  
     Java version out of Date!
     Adobe Flash Player 11.5.502.149  
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox (18.0.2)
     Google Chrome 21.0.1180.60  
     Google Chrome 24.0.1312.57  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe
     Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    AdwCleaner report from file:AdwCleaner[S1].txt

    # AdwCleaner v2.112 - Logfile created 02/14/2013 at 14:11:17
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : wdiggs - WDIGGS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\wdiggs\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : InstallBrainService

    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\wdiggs\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [857 octets] - [14/02/2013 14:11:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [916 octets] ##########

    #4 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 15 February 2013 - 08:35 AM

    Secure your system by updating 3rd party programs.
     
    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     
    Be careful not to install malware posing as a Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
    You can manually check your present version and update as recommended.
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
     
    Java™ 6 Update 38  
     Java 7 Update 9 
     
     
    Java 7 update 10 introduced important new security controls
    You can read about it here.
     
    Note
    Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
    I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
    ===
    Get the latest version of the  Adobe Reader.
    Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
    ===
     
    Please post a fresh DDS log and let me know what problem persists.


    #5 TechGuy737

    TechGuy737
    • Topic Starter
    • Members
    • 37 posts

    Posted 15 February 2013 - 03:28 PM

    Thanks, and my apologies for not having done this sooner.  I discovered that the original help provided by user:Broni had instructed the same updates and somehow I completely missed that.

    The only version of Java now installed is the latest 7.13 and Adobe Reader is now the latest at XI.  There are no other versions of either program on the machine.

    The memory continues to slowly be filled/showing in use until it tops out.


    DDS report from file:DDS.txt  (I did not attach the "Attach.txt" file.  Let me know if you need that.)
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.13.2
    Run by wdiggs at 13:08:00 on 2013-02-15
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.5017 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchAssistant = hxxp://www.your-search.info/search.html
    uCustomizeSearch = hxxp://www.your-search.info/search.html
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\wdiggs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001013-0002-0013-ABCDEFFEDCBC} - <orphaned>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{3A86CAF6-8A40-4F15-A9DA-8EB826529297} : DHCPNameServer = 75.75.76.76 75.75.75.75
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    Hosts: 127.0.0.1    www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.dailycamera.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\wdiggs\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-01-30 13:58; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-13 55280]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-2 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-30 3467768]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-13 216064]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-13 215040]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-11-13 639512]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 682344]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
    S3 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-25 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-2 24176]
    S3 Mo3Fltr;MMO Mouse;C:\Windows\System32\drivers\Mo3Fltr.sys [2010-5-27 12800]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-13 689472]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-10 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-15 19:48:57    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-15 16:24:26    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{C865FDE2-395D-4421-BDF8-9FC2D7FCA3FF}
    2013-02-14 21:39:44    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23385738-CE78-4620-9656-045D67D28CAA}\mpengine.dll
    2013-02-14 21:28:47    --------    d-sh--w-    C:\$RECYCLE.BIN
    2013-02-14 16:09:07    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4BE4F28B-7A42-4B96-B778-18D85EA18A9B}
    2013-02-13 21:33:29    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:33:29    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:32:30    --------    d-sh--w-    C:\Windows\SysWow64\%APPDATA%
    2013-02-13 19:38:27    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-13 19:35:15    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
    2013-02-13 19:35:14    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 19:35:13    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 19:35:01    3153408    ----a-w-    C:\Windows\System32\win32k.sys
    2013-02-13 19:35:00    215040    ----a-w-    C:\Windows\System32\winsrv.dll
    2013-02-13 19:34:59    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
    2013-02-13 19:34:59    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
    2013-02-13 19:34:59    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
    2013-02-13 19:34:59    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 19:34:57    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2013-02-13 19:34:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-02-13 19:34:53    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 19:28:40    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{7D85FC48-83A0-421F-A0E0-42A78CD6E92A}
    2013-02-12 22:55:40    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{8F1970D8-63EE-41C1-91FF-12A5443FC998}
    2013-02-12 05:18:46    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{2F9AD6DC-FD7E-4059-9320-422181D73C6F}
    2013-02-11 17:11:10    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D539B486-AC19-4957-85E5-A0BFF58648FD}
    2013-02-10 17:15:53    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{27913FBE-A130-4F15-B63F-3362436D2371}
    2013-02-09 17:11:28    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D444F728-8DD5-433B-A3B6-5D9F2349F9EC}
    2013-02-08 17:10:42    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{63F7926E-AD62-422A-9A3C-1BAAC15A2CFD}
    2013-02-07 17:18:41    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{E6147796-89A3-4A59-B887-92710005AB90}
    2013-02-06 16:35:55    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{74A9F714-9CD2-4D7D-9061-916FC671BCF6}
    2013-02-05 17:25:50    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{2129D5B6-ADFF-44C5-8848-28CA6299CABC}
    2013-02-05 05:02:04    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D3D8F828-E1BE-4F65-8EE8-88C23419E968}
    2013-02-04 17:01:30    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{47D390DC-E6E5-45EA-90F8-24A18D3784B1}
    2013-02-03 21:43:00    --------    d-----w-    C:\Program Files (x86)\ESET
    2013-02-03 21:33:37    --------    d-----w-    C:\Windows\ERUNT
    2013-02-03 21:33:26    --------    d-----w-    C:\JRT
    2013-02-03 17:04:59    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{D648837E-4A29-498A-AA5B-61A596197929}
    2013-02-02 18:02:59    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{777D5D83-8289-49A4-BE7C-B10D22F61097}
    2013-02-01 17:04:25    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4C0BE66D-992A-476A-BB6A-5A43969B6223}
    2013-01-31 17:56:50    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{36C983CF-47DC-4B86-827C-C3C83A7B4E2C}
    2013-01-30 23:06:15    --------    d-----w-    C:\Program Files (x86)\CodeStuff
    2013-01-30 23:00:14    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
    2013-01-30 23:00:14    340992    ----a-w-    C:\Windows\System32\schannel.dll
    2013-01-30 23:00:14    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
    2013-01-30 23:00:14    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
    2013-01-30 23:00:14    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
    2013-01-30 23:00:13    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
    2013-01-30 23:00:13    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
    2013-01-30 22:48:00    --------    d-----w-    C:\ProgramData\SecTaskMan
    2013-01-30 22:47:55    --------    d-----w-    C:\Program Files (x86)\Security Task Manager
    2013-01-30 21:51:36    --------    d-----w-    C:\NVIDIA
    2013-01-30 21:27:32    --------    d-----w-    C:\Program Files\CCleaner
    2013-01-30 20:50:55    --------    d-----w-    C:\Program Files (x86)\TeamViewer
    2013-01-30 16:51:57    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{E60560FD-BA67-4976-974A-F2A9AE661F4E}
    2013-01-29 17:06:01    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{3FA20553-E214-489E-9431-0EF8DF383524}
    2013-01-28 17:30:13    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{5AE5AC63-0214-4C98-8B97-1A66C6C0A0B2}
    2013-01-27 17:32:10    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4E4CD3CF-0417-4F52-9FFE-97E4107D0850}
    2013-01-26 17:23:01    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{DA8130D4-1623-4F3B-B69E-78B581D9B88E}
    2013-01-25 16:39:29    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{41B97541-C59B-486B-B3FF-153EA73B4DEF}
    2013-01-24 16:45:27    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{FF5A766C-B0C2-405B-B881-A1661D05D4AD}
    2013-01-23 16:46:53    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{35F0A12C-9EE0-4445-87BA-5FACCD458429}
    2013-01-22 17:24:30    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4A756F2C-3136-4826-B460-51F656E3223A}
    2013-01-21 16:29:10    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{0CCC7EF1-6358-42F2-914F-8730ADA3EC93}
    2013-01-20 22:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 17:21:20    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{4BCB0FCF-7B4B-4BF1-B298-E470E7A1502B}
    2013-01-19 17:02:07    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{7A7EC9F6-DCEA-435E-8080-93F3C95FCE4B}
    2013-01-18 17:55:06    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{C494D166-6844-40B9-B72B-589C3FD3FD9D}
    2013-01-17 17:03:00    --------    d-----w-    C:\Users\wdiggs\AppData\Local\{58E88F42-CE0C-4C5B-9B8C-2B70B8AA96B9}
    .
    ==================== Find3M  ====================
    .
    2013-02-15 19:48:35    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
    2013-02-15 19:48:35    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
    2013-02-09 23:44:17    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-09 23:44:17    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
    2013-01-20 22:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
    2012-12-29 09:54:24    550328    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
    2012-12-29 08:40:27    6382008    ----a-w-    C:\Windows\System32\nvcpl.dll
    2012-12-29 08:40:27    3455416    ----a-w-    C:\Windows\System32\nvsvc64.dll
    2012-12-29 08:40:09    884152    ----a-w-    C:\Windows\System32\nvvsvc.exe
    2012-12-29 08:40:09    63928    ----a-w-    C:\Windows\System32\nvshext.dll
    2012-12-29 08:40:09    118712    ----a-w-    C:\Windows\System32\nvmctray.dll
    2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
    2012-12-14 23:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
    2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
    2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
    2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
    .
    ============= FINISH: 13:08:24.20 ===============
     



    #6 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:34 PM

    Posted 16 February 2013 - 08:54 AM

    Hello, Welcome to BleepingComputer.
    I'm nasdaq and will be helping you.
     
    If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
    ===
     
    Your Hosts file was compromised and must be reset back to the default.
    How To:
     
    Use the Fix it button on the page.
    ===
     
    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
    IMPORTANT....
     
    1. Close any open browsers.
     
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
     
    3. Do not install any other programs until this is fixed.
     
    How to : Disable Anti-virus and Firewall...
     
    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt

    Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.
     
    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
     
    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===
     
    Third party programs, if not up to date, can be the cause of infiltration of an infection.
     
    Please run this security check for my review.
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ===
     
    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
     
    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

     
     
    Please post the logs for my review.
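
    The advice above rests on one finding in the DDS log: the line `Hosts: 127.0.0.1    www.spywareinfo.com`, which maps a security-help site to the loopback address so the browser can never reach it. A stock Windows 7 hosts file (C:\Windows\System32\drivers\etc\hosts) contains only comment lines, so any active mapping deserves a look. The following is an added example written for this thread, not code from BleepingComputer, DDS or ComboFix: it parses hosts-file text, ignores the names that legitimately point at loopback, and classifies every other active entry as either a "sinkhole" (loopback or 0.0.0.0, which blocks the name) or an "override" (a routable address that silently redirects the name). The sample file and the hostnames in it other than www.spywareinfo.com are constructed for illustration.

```python
"""Audit a Windows hosts file for entries that sinkhole or redirect hostnames.

Added example for this thread; not BleepingComputer's, DDS's or ComboFix's code.
"""
import ipaddress

# Names that legitimately map to loopback addresses and must not be flagged.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample (not the thread's actual file). The spywareinfo line mirrors
# the entry DDS reported above; the *.test lines are made-up illustrations.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1    www.spywareinfo.com
127.0.0.1    localhost
0.0.0.0      update.example-av.test          # constructed: blocks an update host
192.0.2.10   www.example-bank.test secure.example-bank.test   # constructed: routable override
"""


def parse_hosts(text):
    """Yield (line_number, ip_string, [hostnames]) for each active (non-comment) line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Return a list of findings (dicts with line, kind, name, ip); [] means nothing suspicious."""
    findings = []
    for lineno, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            # A hosts line whose first field is not an address is malformed; report it as such.
            findings.append({"line": lineno, "kind": "unparseable", "name": ip_text, "ip": ip_text})
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"   # the name can never be reached (AV/help-site blocking)
            else:
                kind = "override"   # the name is steered to an address the file's author chose
            findings.append({"line": lineno, "kind": kind, "name": name, "ip": ip_text})
    return findings


def is_default(text):
    """True when the file has no active mappings at all, as on a stock Windows install."""
    return not list(parse_hosts(text))


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['kind']:<11} {f['name']} -> {f['ip']}")
```

    To run it against a real machine, read the file at C:\Windows\System32\drivers\etc\hosts and pass its contents to `audit_hosts`; `is_default` returning True is the state the Fix it reset is meant to restore. Entries that a user added deliberately (an ad-blocking list, a developer's local test names) will also be reported, so the output is a review list, not a verdict.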


    #7 TechGuy737

    TechGuy737
    • Topic Starter

    • Members
    • 37 posts
    • Local time:02:34 PM

    Posted 16 February 2013 - 02:09 PM

    Okay, we ran all of the above and here are the reports.

    After running all these instructions we are still seeing the memory fill to capacity.  Hopefully we'll find this little bugger soon. :)

     

    The Hosts file was reset after using Microsoft's FixIt program.

     

    ComboFix report from file:ComboFix.txt

    ComboFix 13-02-15.01 - wdiggs 02/16/2013   8:00.3.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.9877 [GMT -7:00]
    Running from: c:\users\wdiggs\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\0276115d-b6c6-4a1b-8e6b-68bc9dbe4f93.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\489a0734-0bcc-462a-8a9c-29a40f0007b9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5f996ddf-fafd-4f93-b623-a362758305b9.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\63acf506-979e-4b72-a7ce-2af6dc2b98c4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e3146f6d-11b3-4a00-a026-1ba8b4bb00ff.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-16 to 2013-02-16  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-16 15:06 . 2013-02-16 15:06    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
    2013-02-16 15:06 . 2013-02-16 15:06    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-02-16 15:06 . 2013-02-16 15:06    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-16 15:06 . 2013-02-16 15:06    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
    2013-02-15 20:29 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9B0CA00-879F-49BE-BB23-769042F9B1E4}\mpengine.dll
    2013-02-15 20:21 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-15 19:49 . 2013-02-15 19:49    --------    d-----w-    c:\program files (x86)\Common Files\Java
    2013-02-15 19:48 . 2013-02-15 19:48    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-13 21:33 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:33 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 21:32 . 2013-02-13 21:32    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
    2013-02-13 19:35 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-13 19:35 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 19:35 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 19:35 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-13 19:35 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-13 19:34 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-13 19:34 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-13 19:34 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-13 19:34 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 19:34 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-13 19:34 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-13 19:34 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-03 21:43 . 2013-02-03 21:43    --------    d-----w-    c:\program files (x86)\ESET
    2013-02-03 21:33 . 2013-02-03 21:33    --------    d-----w-    c:\windows\ERUNT
    2013-02-03 21:33 . 2013-02-03 21:33    --------    d-----w-    C:\JRT
    2013-01-30 23:06 . 2013-01-30 23:06    --------    d-----w-    c:\program files (x86)\CodeStuff
    2013-01-30 23:00 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
    2013-01-30 23:00 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
    2013-01-30 23:00 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
    2013-01-30 23:00 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
    2013-01-30 23:00 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
    2013-01-30 23:00 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
    2013-01-30 23:00 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
    2013-01-30 22:48 . 2013-01-30 23:11    --------    d-----w-    c:\programdata\SecTaskMan
    2013-01-30 22:47 . 2013-01-30 22:47    --------    d-----w-    c:\program files (x86)\Security Task Manager
    2013-01-30 22:05 . 2013-01-30 22:05    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
    2013-01-30 21:51 . 2013-01-30 21:51    --------    d-----w-    C:\NVIDIA
    2013-01-30 21:27 . 2013-01-30 21:27    --------    d-----w-    c:\program files\CCleaner
    2013-01-30 20:50 . 2013-01-30 20:50    --------    d-----w-    c:\program files (x86)\TeamViewer
    2013-01-20 22:59 . 2013-01-20 22:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-15 19:48 . 2012-08-03 16:27    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-02-15 19:48 . 2010-05-10 18:57    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-02-13 21:36 . 2010-01-08 22:45    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-02-09 23:44 . 2012-07-22 03:14    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-09 23:44 . 2012-07-22 03:14    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-02 23:16 . 2010-01-19 00:09    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-02-02 23:15 . 2010-01-19 00:08    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2013-02-02 23:15 . 2011-02-01 18:52    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2013-02-02 23:15 . 2010-01-08 15:56    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-01-30 10:53 . 2011-01-02 20:59    273840    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-20 22:59 . 2010-10-25 04:25    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-02-13 19:34    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    1504696    ----a-w-    c:\windows\system32\nvdispgenco64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    2824656    ----a-w-    c:\windows\system32\nvapi64.dll
    2012-12-29 10:34 . 2012-10-11 04:23    15052368    ----a-w-    c:\windows\system32\nvwgf2umx.dll
    2012-12-29 10:34 . 2012-10-11 04:22    15129064    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
    2012-12-29 10:34 . 2012-08-03 16:36    1813432    ----a-w-    c:\windows\system32\nvdispco64.dll
    2012-12-29 09:54 . 2012-12-29 09:54    550328    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
    2012-12-29 08:40 . 2009-06-26 23:00    6382008    ----a-w-    c:\windows\system32\nvcpl.dll
    2012-12-29 08:40 . 2009-06-26 23:00    3455416    ----a-w-    c:\windows\system32\nvsvc64.dll
    2012-12-29 08:40 . 2009-06-27 01:00    63928    ----a-w-    c:\windows\system32\nvshext.dll
    2012-12-29 08:40 . 2009-06-26 23:00    884152    ----a-w-    c:\windows\system32\nvvsvc.exe
    2012-12-29 08:40 . 2009-06-26 23:00    118712    ----a-w-    c:\windows\system32\nvmctray.dll
    2012-12-16 17:11 . 2012-12-21 22:59    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:59    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:59    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:59    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 23:49 . 2011-01-02 18:25    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-10 00:13    441856    ----a-w-    c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 00:13    2746368    ----a-w-    c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 00:13    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 00:13    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 00:13    30720    ----a-w-    c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 00:13    43520    ----a-w-    c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 00:13    23552    ----a-w-    c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 00:13    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 00:13    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 00:13    46592    ----a-w-    c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 00:13    40960    ----a-w-    c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 00:13    21504    ----a-w-    c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 00:13    15360    ----a-w-    c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 00:13    55296    ----a-w-    c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 00:13    51712    ----a-w-    c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 00:13    30720    ----a-w-    c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 00:13    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 00:13    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 00:13    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 00:13    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-10 00:13    21504    ----a-w-    c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-10 00:13    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 00:13    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-10 00:13    55296    ----a-w-    c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-10 00:13    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
    2012-12-02 18:54 . 2010-01-08 15:56    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-02 18:53 . 2010-01-08 15:56    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-02 18:53 . 2010-12-06 16:39    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-11-30 05:45 . 2013-01-10 00:12    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-10 00:12    243200    ----a-w-    c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-10 00:12    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-10 00:12    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-10 00:12    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-10 00:12    1161216    ----a-w-    c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 00:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-10 00:12    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 00:12    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 Cdralwnt;Cdralwnt; [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-13 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-13 79360]
    R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [2008-09-18 12800]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
    S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
    S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-07-27 639512]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 23:44]
    .
    2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926588673-2070747204-1782896345-1000Core.job
    - c:\users\wdiggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 19:46]
    .
    2013-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926588673-2070747204-1782896345-1000UA.job
    - c:\users\wdiggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 19:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uCustomizeSearch = hxxp://www.your-search.info/search.html
    uSearchAssistant = hxxp://www.your-search.info/search.html
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.dailycamera.com/
    FF - ExtSQL: 2013-01-30 13:58; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-16  08:07:25
    ComboFix-quarantined-files.txt  2013-02-16 15:07
    ComboFix2.txt  2012-09-05 21:52
    .
    Pre-Run: 1,304,246,865,920 bytes free
    Post-Run: 1,304,362,237,952 bytes free
    .
    - - End Of File - - 1007C3F2D49471D7DC4CD0E1A35F84A3
     

     

    SecurityCheck report from file:checkup.txt

     Results of screen317's Security Check version 0.99.57  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 9  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Microsoft Security Essentials   
      (On Access scanning disabled!)
     Error obtaining update status for antivirus!  
    `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.70.0.1100  
     WinCleaner OneClick Professional Clean Version 11
     Java 7 Update 13  
     Java version out of Date!
     Adobe Flash Player 11.5.502.149  
     Adobe Reader XI  
     Mozilla Firefox (18.0.2)
     Google Chrome 21.0.1180.60  
     Google Chrome 24.0.1312.57  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe
     Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     

     

    AdwCleaner report from file:AdwCleaner[S2].txt

    # AdwCleaner v2.112 - Logfile created 02/16/2013 at 11:55:35
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : wdiggs - WDIGGS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\wdiggs\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\wdiggs\AppData\Roaming\Mozilla\Firefox\Profiles\57b9rkbb.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\wdiggs\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [984 octets] - [14/02/2013 14:11:17]
    AdwCleaner[S2].txt - [875 octets] - [16/02/2013 11:55:35]

    ########## EOF - C:\AdwCleaner[S2].txt - [934 octets] ##########
     



    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:34 PM

    Posted 16 February 2013 - 02:23 PM

    Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop. 
     
     
    Quit all running programs.
     
    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
     
    Click Scan to scan the system. 
    When the scan completes > Close out the program > Don't Fix anything!
     
    Don't run any other options, they're not all bad!!!!!!!
     
    Post back the report which should be located on your desktop.


    #9 TechGuy737

    TechGuy737
    • Topic Starter

    • Members
    • 37 posts
    • Local time:02:34 PM

    Posted 16 February 2013 - 02:47 PM

    Thanks!  We ran RogueKiller and here are the results...

     

    RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : wdiggs [Admin rights]
    Mode : Scan -- Date : 02/16/2013 12:42:22
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1       localhost
    127.0.0.1    www.007guard.com
    127.0.0.1    007guard.com
    127.0.0.1    008i.com
    127.0.0.1    www.008k.com
    127.0.0.1    008k.com
    127.0.0.1    www.00hq.com
    127.0.0.1    00hq.com
    127.0.0.1    010402.com
    127.0.0.1    www.032439.com
    127.0.0.1    032439.com
    127.0.0.1    www.0scan.com
    127.0.0.1    0scan.com
    127.0.0.1    www.1000gratisproben.com
    127.0.0.1    1000gratisproben.com
    127.0.0.1    1001namen.com
    127.0.0.1    www.1001namen.com
    127.0.0.1    100888290cs.com
    127.0.0.1    www.100888290cs.com
    127.0.0.1    www.100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31500341AS +++++
    --- User ---
    [MBR] fb7661344e36e1d32922a5c83b8a8b46
    [BSP] ffbf4328ec3d187cc25ec9472f5d2a32 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10366 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21311488 | Size: 1420392 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02162013_02d1242.txt >>
    RKreport[1]_S_02162013_02d1242.txt



    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:34 PM

    Posted 17 February 2013 - 09:52 AM

     
     
     
    Run RogueKiller again and click Scan
    When the scan completes > click on the Registry tab
    Put a check next to all of these item below and uncheck the rest: (if found)
     
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     
    Now click Delete on the right hand column under Options
     
    Post back the report which should be located on your desktop.
    ===
     
    I'd like us to scan your machine with ESET OnlineScan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push

    Please post the logs and let me know if the problem persists.


    #11 TechGuy737

    TechGuy737
    • Topic Starter

    • Members
    • 37 posts
    • Local time:02:34 PM

    Posted 18 February 2013 - 05:54 PM

    Hello again and thanks for waiting for the logs.

    We only have a report from RogueKiller.  The ESET scan did not produce a report and there wasn't a button to click on for a report.

    The ESET scan took over 8 hours to complete.  It said it did not find any threats.

     

    We did delete the registry entries as specified.  Unfortunately, the memory still fills up.  Is it possible this is a hardware failure?  Would it be alright to install/run a MemTest program?

    Thanks again! :)

     

    RogueKiller report from file:RKreport.txt

    RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : wdiggs [Admin rights]
    Mode : Scan -- Date : 02/17/2013 17:06:08
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1       localhost
    127.0.0.1    www.007guard.com
    127.0.0.1    007guard.com
    127.0.0.1    008i.com
    127.0.0.1    www.008k.com
    127.0.0.1    008k.com
    127.0.0.1    www.00hq.com
    127.0.0.1    00hq.com
    127.0.0.1    010402.com
    127.0.0.1    www.032439.com
    127.0.0.1    032439.com
    127.0.0.1    www.0scan.com
    127.0.0.1    0scan.com
    127.0.0.1    www.1000gratisproben.com
    127.0.0.1    1000gratisproben.com
    127.0.0.1    1001namen.com
    127.0.0.1    www.1001namen.com
    127.0.0.1    100888290cs.com
    127.0.0.1    www.100888290cs.com
    127.0.0.1    www.100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31500341AS +++++
    --- User ---
    [MBR] fb7661344e36e1d32922a5c83b8a8b46
    [BSP] ffbf4328ec3d187cc25ec9472f5d2a32 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10366 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21311488 | Size: 1420392 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[4]_S_02172013_02d1706.txt >>
    RKreport[1]_S_02162013_02d1242.txt ; RKreport[3]_D_02172013_02d1700.txt ; RKreport[4]_S_02172013_02d1706.txt



    #12 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:34 PM

    Posted 19 February 2013 - 08:57 AM

    Please refer to this page and check your settings on the Virtual Memory.
     
    How to Change Virtual Memory size in Windows 7
     
    Is the System Managed Size button set?
     
    What is the Minimum and maximum size presently?


    #13 TechGuy737

    TechGuy737
    • Topic Starter

    • Members
    • 37 posts
    • Local time:02:34 PM

    Posted 22 February 2013 - 02:00 PM

    Thanks for your patience.  I have been really busy and just now able to respond.

    Are there any other programs you would recommend running to discover a Rootkit or Trojan/Virus?

    Do you think this may be a hardware problem?

     

    The System Manager Size is active.

    Minimum: 16Mb

    Maximum: 18417Mb

    Currently Allocated: 12278Mb
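As an added example (mine, not something any poster in this thread ran), here is a PowerShell script that reads the same Virtual Memory settings the last two posts discuss and then samples per-process working set and the kernel pool counters over roughly the hour it takes the machine to fill up, so steady growth can be pinned to a program or, if only the pools and commit charge climb, to a driver. The sample count and interval are assumptions; it must be run from an elevated prompt on Windows 7 or later.

```powershell
# Added diagnostic example, not from the thread. Snapshots pagefile settings,
# then samples per-process working set and kernel pool counters over time so
# memory that climbs steadily can be attributed to a program or a driver pool.
# Run from an elevated PowerShell prompt (Windows 7 / PowerShell 2.0 or later).
param(
    [int]$Samples  = 7,    # assumption: 7 snapshots ...
    [int]$Interval = 600   # ... 10 minutes apart, covering the ~1 hour to freeze
)

function Get-PagefileConfig {
    # Same values as the Virtual Memory dialog. With "System managed size" on,
    # Win32_PageFileSetting returns nothing, so InitialMB/MaximumMB show empty.
    $cs  = Get-WmiObject Win32_ComputerSystem
    $set = @(Get-WmiObject Win32_PageFileSetting)
    $use = @(Get-WmiObject Win32_PageFileUsage)
    New-Object PSObject -Property @{
        SystemManaged = $cs.AutomaticManagedPagefile
        InitialMB     = ($set | ForEach-Object { $_.InitialSize })       -join ','
        MaximumMB     = ($set | ForEach-Object { $_.MaximumSize })       -join ','
        AllocatedMB   = ($use | ForEach-Object { $_.AllocatedBaseSize }) -join ','
        InUseMB       = ($use | ForEach-Object { $_.CurrentUsage })      -join ','
    }
}

function Get-MemorySnapshot {
    # Working set in MB per process name (all instances summed), plus the
    # system-wide counters. A process that grows sample after sample points at
    # that program; growth only in the pools/commit charge points at a driver.
    $byName = @{}
    Get-Process | ForEach-Object {
        $byName[$_.Name] = $byName[$_.Name] + ($_.WorkingSet64 / 1MB)
    }
    $ctr   = @{}
    $paths = '\Memory\Pool Nonpaged Bytes', '\Memory\Pool Paged Bytes', '\Memory\Committed Bytes'
    foreach ($s in (Get-Counter -Counter $paths).CounterSamples) {
        # Path comes back as \\host\memory\pool nonpaged bytes; keep the last segment.
        $ctr[$s.Path.Split('\')[-1]] = $s.CookedValue / 1MB
    }
    New-Object PSObject -Property @{ Time = Get-Date; Processes = $byName; Counters = $ctr }
}

function Compare-Snapshots($First, $Last, $Top = 10) {
    # Growth between the first and last sample, largest first. Steady growth
    # across every snapshot is the leak signature; a one-off spike is not.
    $rows = @()
    foreach ($name in $Last.Processes.Keys) {
        $start = 0
        if ($First.Processes.ContainsKey($name)) { $start = $First.Processes[$name] }
        $rows += New-Object PSObject -Property @{
            Process = $name
            StartMB = [math]::Round($start, 1)
            EndMB   = [math]::Round($Last.Processes[$name], 1)
            DeltaMB = [math]::Round($Last.Processes[$name] - $start, 1)
        }
    }
    $rows | Sort-Object DeltaMB -Descending | Select-Object -First $Top
}

Write-Host "Pagefile configuration:"
Get-PagefileConfig | Format-List

$snaps = @()
for ($i = 1; $i -le $Samples; $i++) {
    $snaps += Get-MemorySnapshot
    $c = $snaps[-1].Counters
    Write-Host ("{0:HH:mm:ss}  committed {1,8:N0} MB  paged pool {2,6:N0} MB  nonpaged pool {3,6:N0} MB" -f `
        $snaps[-1].Time, $c['committed bytes'], $c['pool paged bytes'], $c['pool nonpaged bytes'])
    if ($i -lt $Samples) { Start-Sleep -Seconds $Interval }
}

Write-Host "`nProcesses that grew most between first and last snapshot:"
Compare-Snapshots $snaps[0] $snaps[-1] | Format-Table Process, StartMB, EndMB, DeltaMB -AutoSize
```

If committed bytes climb toward the 12 GB of RAM while no process in the table grows, the memory is being held in kernel pool, which is a driver problem rather than something a user-mode scanner will find.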



    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 39,179 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:03:34 PM

    Posted 22 February 2013 - 02:41 PM

    Run this one.
     
    Download Rootkit Unhooker and save it to your Desktop.
     
    Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
    Vista/Windows 7 users right-click and select Run As Administrator.
     
    • Click the Report tab, then click Scan
    • Check Drivers, Stealth Code, Files, and Code Hooks
    • UNcheck the rest, then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
    • Wait until the scanner has finished then go File > Save Report
    • Save the report somewhere you can find it. Click Close
    • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning---just ignore it, click OK and continue. 
    Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?
     
    What you can also try is to remove your old RAM and run with only the new RAM you added.
    It may just be that your previous RAM was damaged.


    #15 TechGuy737

    TechGuy737
    • Topic Starter

    • Members
    • 37 posts
    • Local time:02:34 PM

    Posted 23 February 2013 - 07:48 PM

    Hey thanks for the next update.  Unfortunately the program did not run successfully and showed an error.

    Do you want us to try a different program to search for RootKits?

     

    ---------------------------
    Error loading driver, NTSTATUS code: C000036B
    ---------------------------

     

    The RAM was never replaced.  This is the same as when purchased from Dell 2 yrs ago.  Do you think this might be a hardware failure, and that we should run a Memory Test program?

     

    Thanks for your help! :)


     





